0

I'm using webalizer-2.23-04-cygwin, the latest binary I could find, and it's doing the same thing an older version was also doing on a certain 900MB logfile I have. It only shows the first 411 hits, everything before around 6pm, not that there's anything special about that, at least when I look at the lines of the logfile myself I don't see much difference.

I'm using the sample.conf file with only these changes:

  1. output directory
  2. Incremental yes -- read somewhere this might help with this issue but didn't
  3. Really_quiet yes

The latter is because I was getting a number of "user name truncated" messages, but my logfile doesn't even have usernames, first 411 lines or not.

Example line 407:

10.0.1.1 - - [24/Sep/2010:17:42:27 -0400] "GET /home/ HTTP/1.1" 200 13382 "http://intapp/task5394" "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10"

Example line 435:

10.0.1.1 [24/Sep/2010:18:20:17 -0400] "GET /home/ HTTP/1.1" 200 11644 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10"

Example supressed warning:

Skipping bad record (3639)
Warning: Truncating oversized username

What am I doing wrong here?

Kev
  • 964
  • 4
  • 23
  • 46

1 Answers1

2

The log file format is different between your two examples. Since webalizer is expecting the first format, it can't parse the second format.

In the second example, fields 2 and 3 (each of which is a - here) have been removed.

You have a couple of options: You can edit the log file to replace the missing fields, or you can change webalizer's configuration to ignore the missing fields. Either way, you'll almost certainly have to split the log file at this change to work with it.

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
  • So whichever format it finds first is fine? Thanks, I guess I didn't look closely enough at those two lines. – Kev Mar 28 '13 at 21:45
  • From looking at Webalizer's FAQ, it appears that it wants the logs to be in a specific format, so you'll probably have to add those fields to the log file. (Hint: Try the unix `paste` command.) – Michael Hampton Mar 28 '13 at 21:49
  • Oh. I was going to say, I chopped the first 411 lines and it warns from the very first line already. – Kev Mar 28 '13 at 21:58
  • And I don't have unix handy... – Kev Mar 28 '13 at 21:58
  • 1
    It's just a download away, then... :) – Michael Hampton Mar 28 '13 at 21:59
  • Sure. Meanwhile, I'm not sure why this log is the way it is--according to the FAQ, with Apache `CustomLog ... combined` should do it, and that's what my conf is set to. Unless they changed the default on Apache 2.2... – Kev Mar 28 '13 at 22:09
  • Because, obviously, someone changed the log format. – Michael Hampton Mar 28 '13 at 22:10